[bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by def…

…ault (#22687) * [bitnami/thanos] feat!: ♻️ 🔒 Refactor and enable NetworkPolicy by default Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * fix: 🐛 Allow ingress for members of the chart Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * fix: 🐛 Add allowExternalEgress Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * test: 🔧 Update cypress endpoint Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * Update values.yaml Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * chore: ♻️ Unify queryfrontend and query-frontend Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> Signed-off-by: Javier J. Salmerón-García <jsalmeron@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
bitnami · Feb 14, 2024 · 89643fd · 89643fd
1 parent 56ceae7
commit 89643fd
Show file tree

Hide file tree

Showing 110 changed files with 1,717 additions and 584 deletions.
diff --git a/bitnami/thanos/Chart.yaml b/bitnami/thanos/Chart.yaml
@@ -35,4 +35,4 @@ maintainers:
 name: thanos
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/thanos
-version: 12.23.2
+version: 13.0.0
diff --git a/bitnami/thanos/README.md b/bitnami/thanos/README.md
diff --git a/bitnami/thanos/templates/NOTES.txt b/bitnami/thanos/templates/NOTES.txt
@@ -2,12 +2,11 @@ CHART NAME: {{ .Chart.Name }}
 CHART VERSION: {{ .Chart.Version }}
 APP VERSION: {{ .Chart.AppVersion }}
 
-{{- $query := (include "thanos.query.values" . | fromYaml) -}}
 ** Please be patient while the chart is being deployed **
 
 Thanos chart was deployed enabling the following components:
 
-{{- if $query.enabled }}
+{{- if .Values.query.enabled }}
 - Thanos Query
 {{- end }}
 {{- if .Values.bucketweb.enabled }}
@@ -23,45 +22,45 @@ Thanos chart was deployed enabling the following components:
 - Thanos Store Gateway
 {{- end }}
 
-{{- if $query.enabled }}
+{{- if .Values.query.enabled }}
 
 Thanos Query can be accessed through following DNS name from within your cluster:
 
-    {{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ if $query.service.http }}{{ coalesce $query.service.ports.http $query.service.http.port }}{{ else }}{{ $query.service.ports.http }}{{ end }})
+    {{ include "thanos.query.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.query.service.ports.http }})
 
 To access Thanos Query from outside the cluster execute the following commands:
 
-{{- if $query.ingress.enabled }}
+{{- if .Values.query.ingress.enabled }}
 
 1. Get the Thanos Query URL and associate Thanos Query hostname to your cluster external IP:
 
    export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
-   echo "Thanos Query URL: http{{ if $query.ingress.tls }}s{{ end }}://{{ $query.ingress.hostname }}/"
-   echo "$CLUSTER_IP  {{ $query.ingress.hostname }}" | sudo tee -a /etc/hosts
+   echo "Thanos Query URL: http{{ if .Values.query.ingress.tls }}s{{ end }}://{{ .Values.query.ingress.hostname }}/"
+   echo "$CLUSTER_IP  {{ .Values.query.ingress.hostname }}" | sudo tee -a /etc/hosts
 
 {{- else }}
 
 1. Get the Thanos Query URL by running these commands:
 
-{{- if contains "NodePort" $query.service.type }}
+{{- if contains "NodePort" .Values.query.service.type }}
 
-    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}-query)
+    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "thanos.query.fullname" . }})
     export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
     echo "http://${NODE_IP}:${NODE_PORT}"
 
-{{- else if contains "LoadBalancer" $query.service.type }}
+{{- else if contains "LoadBalancer" .Values.query.service.type }}
 
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-        You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}-query'
+        You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "thanos.query.fullname" . }}'
 
-    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query)
-    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-query -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }})
+    export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "thanos.query.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
     echo "http://${SERVICE_IP}:${SERVICE_PORT}"
 
-{{- else if contains "ClusterIP" $query.service.type }}
+{{- else if contains "ClusterIP" .Values.query.service.type }}
 
-    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query)
-    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }}-query ${SERVICE_PORT}:${SERVICE_PORT} &
+    export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "thanos.query.fullname" . }})
+    kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "thanos.query.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} &
     echo "http://127.0.0.1:${SERVICE_PORT}"
 
 {{- end }}

diff --git a/bitnami/thanos/templates/_helpers.tpl b/bitnami/thanos/templates/_helpers.tpl
@@ -21,6 +21,62 @@ Fully qualified app name for PostgreSQL
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the proper Thanos bucketweb fullname
+*/}}
+{{- define "thanos.bucketweb.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "bucketweb" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos compactor fullname
+*/}}
+{{- define "thanos.compactor.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "compactor" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos query-frontend fullname
+*/}}
+{{- define "thanos.query-frontend.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "query-frontend" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos query fullname
+*/}}
+{{- define "thanos.query.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "query" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos receive-distributor fullname
+*/}}
+{{- define "thanos.receive-distributor.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "receive-distributor" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos receive fullname
+*/}}
+{{- define "thanos.receive.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "receive" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos compactor fullname
+*/}}
+{{- define "thanos.ruler.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "ruler" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper Thanos storegateway fullname
+*/}}
+{{- define "thanos.storegateway.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "storegateway" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Return the proper Thanos image name
 */}}
@@ -104,40 +160,22 @@ Return true if a secret object should be created
 {{- end -}}
 {{- end -}}
 
-{{/*
-Return a YAML of either .Values.query or .Values.querier
-If .Values.querier is used, we merge in the defaults from .Values.query, giving preference to .Values.querier
-*/}}
-{{- define "thanos.query.values" -}}
-{{- if .Values.querier -}}
-    {{- if .Values.query -}}
-        {{- mergeOverwrite .Values.query .Values.querier | toYaml -}}
-    {{- else -}}
-        {{- .Values.querier | toYaml -}}
-    {{- end -}}
-{{- else -}}
-    {{- .Values.query | toYaml -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Return the Thanos Query Service Discovery configuration configmap.
 */}}
 {{- define "thanos.query.SDConfigmapName" -}}
-{{- $query := (include "thanos.query.values" . | fromYaml) -}}
-{{- if $query.existingSDConfigmap -}}
-    {{- printf "%s" (tpl $query.existingSDConfigmap $) -}}
+{{- if .Values.query.existingSDConfigmap -}}
+    {{- printf "%s" (tpl .Values.query.existingSDConfigmap $) -}}
 {{- else -}}
-    {{- printf "%s-query-sd-configmap" (include "common.names.fullname" .) -}}
+    {{- printf "%s-query-sd" (include "common.names.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
 Return true if a configmap object should be created
 */}}
 {{- define "thanos.query.createSDConfigmap" -}}
-{{- $query := (include "thanos.query.values" . | fromYaml) -}}
-{{- if and $query.sdConfig (not $query.existingSDConfigmap) }}
+{{- if and .Values.query.sdConfig (not .Values.query.existingSDConfigmap) }}
     {{- true -}}
 {{- else -}}
 {{- end -}}
@@ -150,7 +188,7 @@ Return the Thanos Ruler configuration configmap.
 {{- if .Values.ruler.existingConfigmap -}}
     {{- printf "%s" (tpl .Values.ruler.existingConfigmap $) -}}
 {{- else -}}
-    {{- printf "%s-ruler-configmap" (include "common.names.fullname" .) -}}
+    {{- printf "%s-ruler" (include "common.names.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 
@@ -161,11 +199,10 @@ Return the queryURL used by Thanos Ruler.
 {{- if and .Values.queryFrontend.enabled .Values.queryFrontend.ingress.enabled .Values.queryFrontend.ingress.hostname .Values.queryFrontend.ingress.overrideAlertQueryURL -}}
 {{- printf "http://%s" (tpl .Values.queryFrontend.ingress.hostname .) -}}
 {{- else -}}
-{{- $query := (include "thanos.query.values" . | fromYaml) -}}
 {{- if .Values.ruler.queryURL -}}
     {{- printf "%s" (tpl .Values.ruler.queryURL $) -}}
 {{- else -}}
-    {{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int  $query.service.ports.http) -}}
+    {{- printf "http://%s-query.%s.svc.%s:%d" (include "common.names.fullname" . ) .Release.Namespace .Values.clusterDomain (int  .Values.query.service.ports.http) -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
@@ -187,7 +224,7 @@ Return the Thanos storegateway configuration configmap.
 {{- if .Values.storegateway.existingConfigmap -}}
     {{- printf "%s" (tpl .Values.storegateway.existingConfigmap $) -}}
 {{- else -}}
-    {{- printf "%s-storegateway-configmap" (include "common.names.fullname" .) -}}
+    {{- printf "%s-storegateway" (include "common.names.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 
@@ -198,7 +235,7 @@ Return the Thanos Query Frontend configuration configmap.
 {{- if .Values.queryFrontend.existingConfigmap -}}
     {{- printf "%s" (tpl .Values.queryFrontend.existingConfigmap $) -}}
 {{- else -}}
-    {{- printf "%s-query-frontend-configmap" (include "common.names.fullname" .) -}}
+    {{- printf "%s-query-frontend" (include "common.names.fullname" .) -}}
 {{- end -}}
 {{- end -}}
 
@@ -222,6 +259,94 @@ Return true if a configmap object should be created
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create the name of the service account to use (bucketweb)
+*/}}
+{{- define "thanos.bucketweb.serviceAccountName" -}}
+{{- if .Values.bucketweb.serviceAccount.create -}}
+    {{ default (include "thanos.bucketweb.fullname" .) .Values.bucketweb.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.bucketweb.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (compactor)
+*/}}
+{{- define "thanos.compactor.serviceAccountName" -}}
+{{- if .Values.compactor.serviceAccount.create -}}
+    {{ default (include "thanos.compactor.fullname" .) .Values.compactor.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.compactor.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (query)
+*/}}
+{{- define "thanos.query.serviceAccountName" -}}
+{{- if .Values.query.serviceAccount.create -}}
+    {{ default (include "thanos.query.fullname" .) .Values.query.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.query.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (queryFrontend)
+*/}}
+{{- define "thanos.query-frontend.serviceAccountName" -}}
+{{- if .Values.queryFrontend.serviceAccount.create -}}
+    {{ default (include "thanos.query-frontend.fullname" .) .Values.queryFrontend.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.queryFrontend.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (receive)
+*/}}
+{{- define "thanos.receive.serviceAccountName" -}}
+{{- if .Values.receive.serviceAccount.create -}}
+    {{ default (include "thanos.receive.fullname" .) .Values.receive.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.receive.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (receiveDistributor)
+*/}}
+{{- define "thanos.receive-distributor.serviceAccountName" -}}
+{{- if .Values.receiveDistributor.serviceAccount.create -}}
+    {{ default (include "thanos.receive-distributor.fullname" .) .Values.receiveDistributor.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.receiveDistributor.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (ruler)
+*/}}
+{{- define "thanos.ruler.serviceAccountName" -}}
+{{- if .Values.ruler.serviceAccount.create -}}
+    {{ default (include "thanos.ruler.fullname" .) .Values.ruler.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.ruler.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use (storegateway)
+*/}}
+{{- define "thanos.storegateway.serviceAccountName" -}}
+{{- if .Values.storegateway.serviceAccount.create -}}
+    {{ default (include "thanos.storegateway.fullname" .) .Values.storegateway.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.storegateway.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return the Thanos Compactor pvc name
 */}}
@@ -345,51 +470,6 @@ false
 {{- end }}
 {{- end }}
 
-{{/* Service account name
-Usage:
-{{ include "thanos.serviceAccountName" (dict "component" "bucketweb" "context" $) }}
-*/}}
-{{- define "thanos.serviceAccountName" -}}
-{{- $component := index .context.Values .component -}}
-{{- if eq .component "query-frontend" -}}
-{{- $component = index .context.Values "queryFrontend" -}}
-{{- else if eq .component "receive-distributor" -}}
-{{- $component = index .context.Values "receiveDistributor" -}}
-{{- end -}}
-{{- if not (include "thanos.serviceAccount.useExisting" (dict "component" .component "context" .context)) -}}
-    {{- if $component.serviceAccount.create -}}
-        {{- if eq .context.Values.serviceAccount.name "" -}}
-            {{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) $component.serviceAccount.name }}
-        {{- else -}}
-            {{ default (printf "%s-%s" (.context.Values.serviceAccount.name) .component) $component.serviceAccount.name }}
-        {{- end -}}
-    {{- else if .context.Values.serviceAccount.create -}}
-        {{ default (include "common.names.fullname" .context) .context.Values.serviceAccount.name  }}
-    {{- else -}}
-        {{ default "default" (coalesce $component.serviceAccount.name .context.Values.serviceAccount.name ) }}
-    {{- end -}}
-{{- else -}}
-    {{ default (printf "%s-%s" (include "common.names.fullname" .context) .component) (coalesce $component.serviceAccount.existingServiceAccount .context.Values.existingServiceAccount) }}
-{{- end -}}
-{{- end -}}
-
-{{/* Service account use existing
-{{- include "thanos.serviceAccount.useExisting" (dict "component" "bucketweb" "context" $) -}}
-*/}}
-{{- define "thanos.serviceAccount.useExisting" -}}
-{{- $component := index .context.Values .component -}}
-{{- if eq .component "query-frontend" -}}
-{{- $component = index .context.Values "queryFrontend" -}}
-{{- else if eq .component "receive-distributor" -}}
-{{- $component = index .context.Values "receiveDistributor" -}}
-{{- end -}}
-{{- if .context.Values.existingServiceAccount -}}
-    {{- true -}}
-{{- else if $component.serviceAccount.existingServiceAccount -}}
-    {{- true -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Return true if a hashring configmap object should be created
 */}}
@@ -400,7 +480,6 @@ Return true if a hashring configmap object should be created
 {{- end -}}
 {{- end -}}
 
-
 {{/*
 Return the Thanos receive hashring configuration configmap.
 */}}

diff --git a/bitnami/thanos/templates/alert-rule/query.yml b/bitnami/thanos/templates/alert-rule/query.yml
@@ -10,7 +10,7 @@ Generated from https://github.com/thanos-io/thanos/blob/main/examples/alerts/ale
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ template "common.names.fullname" . }}-query
+  name: {{ include "thanos.query.fullname" . }}
   namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
     {{- if .Values.metrics.prometheusRule.additionalLabels }}